security: add validation for root.hints download

Verify that the downloaded root.hints file is not empty and contains
expected DNS root server content before using it.
This commit is contained in:
Stanislas Lange
2025-12-04 18:08:09 +01:00
committed by Stanislas
parent 94f0967878
commit 960be1a658


@@ -147,6 +147,12 @@ prefetch: yes' >>/etc/unbound/unbound.conf
# Get root servers list
curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache
# Verify download was successful and file contains expected content
if [[ ! -s /etc/unbound/root.hints ]] || ! grep -q "ROOT-SERVERS" /etc/unbound/root.hints; then
echo "Failed to download root.hints or file is invalid!"
rm -f /etc/unbound/root.hints
exit 1
fi
if [[ ! -f /etc/unbound/unbound.conf.old ]]; then
mv /etc/unbound/unbound.conf /etc/unbound/unbound.conf.old